Cert-In issues new guidelines for government bodies, mandates appointment of CISO

The Indian Computer Emergency Response Team (Cert-In) on Friday issued a set of guidelines to be followed by government organisations and their departments to ensure cybersecurity and safety.

“The guidelines shall assist security teams to implement baseline and essential controls and procedures to protect their cyberinfrastructure from prominent threats. These guidelines shall also act as a baseline document for administration and audit teams (internal, external/ third-party auditors) to evaluate an organisation’s security posture against cyber security baseline requirements,” read the notification.

As a part of the new guidelines, Cert-In has mandated that senior management of government organisations should nominate a chief information security officer (CISO) for information technology security and share the details of such person with it.

All government organisations must also formulate a cyber security policy, assign roles and responsibilities of CISO, and put in place a dedicated and functional cyber security team, Cert-In said.

“Organisations should conduct an internal and external audit of the entire ICT infrastructure and deploy appropriate security controls based on the audit outcome. Internal information security audit to be conducted at least once in 6 months. 3rd Party Security audits must be conducted at least once a year,” the new guidelines said.

The guidelines follow several attacks on the network and internet infrastructure of several government-run websites, including the All India Institute of Medical Sciences.

Discover the stories of your interest


Last year in November, an attack on the state-run hospital’s infrastructure left most of its systems, including the online booking and registration of patients, out of service for nearly a month before access was restored. Apart from AIIMS, there have been repeated attempts of successful and unsuccessful cyberattacks on the websites and infrastructure of several other central and state-run government agencies as well.

The new guidelines, Cert-In said, would establish a prioritised baseline for cyber security measures and controls within government organisations and their associated organisations.

“The government has taken several initiatives to ensure an open, safe & trusted and accountable digital space. The guidelines are an important part of our larger cybersecurity framework,” the minister of state for electronics and information technology Rajeev Chandrasekhar said.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.